This document will guide you to provision and installing ElasticSearch in Cluster mode with:
- Master Node
- Ingest Node
- Data Node
When this document writen i'am using Amazon Web Service (AWS) as Cloud Provider with Elastic Cloud Compute (EC2) Instance. I provision EC2 Instance with Operating System Ubuntu 16.04 AMI Code ami-0ee0b284267ea6cde and following type:
- Master & Ingest Node: 3 x t2.large (2 Core, 8 GiB)
- Data Node: 3 x t2.xlarge (4 Core, 16 GiB)
Additional Node Required:
- Bastion Node (for SSH): 1 x t2.micro (1 core, 1GiB)
I also seperate the Virtual Private Cloud (VPC) with Private and Public Subnet where the subnet configuration is configured like following:
- 172.10.0.224/27 (Private Subnet for Availbility Zone A)
- 172.10.0.192/27 (Private Subnet for Availbility Zone B)
- 172.10.0.160/27 (Private Subnet for Availbility Zone C)
- 172.10.0.0/27 (Public Subnet for LB Availibility Zone A)
- 172.10.0.32/27 (Public Subnet for LB Availibility Zone B)
- 172.10.0.64/27 (Public Subnet for LB Availibility Zone C)
And the Security Group like following:
- ElasticSearch-Node
- Inbound
- TCP 9200 from ElasticSearch-Node Security Group
- TCP 9300 from ElasticSearch-Node Security Group
- TCP 8002 from ElasticSearch-Node Security Group
- TCP 8002 from ElasticSearch-Node-LB-Internal Security Group
- TCP 8002 from ElasticSearch-Node-LB-Public Security Group
- Outbound
- All TCP/UDP to 0.0.0.0/0
- Inbound
- ElasticSearch-Node-SSH
- Inbound
- TCP 22 from ElasticSearch-Node-Bastion Security Group
- Outbound
- All TCP/UDP to 0.0.0.0/0
- Inbound
- ElasticSearch-Node-Bastion
- Inbound
- TCP 22 from Your Public IP
- Outbound
- All TCP/UDP to 0.0.0.0/0
- Inbound
- ElasticSearch-Node-LB-Internal
- Inbound
- TCP 80 from Default Security Group
- Outbound
- All TCP/UDP to 0.0.0.0/0
- Inbound
- ElasticSearch-Node-LB-Public
- Inbound
- TCP 443 from 0.0.0.0/0
- Outbound
- All TCP/UDP to 0.0.0.0/0
- Inbound
For the Elastic Block Storage (EBS) every EC2 Instance has 2 disk, the first one is for Root Filesystem and the second one for ZFS Datastore. I use ZFS because i will use ZFS Snapshot for Data Backup in Filesystem Level, you can add AWS EBS Snapshot for Disk Backup.
If any other files that needs to be rewrited it will be available at https://gist.github.com/dimaskiddo/e2135ced6f3e46d6ce11cb5b8fce75e5. Now, we can start the setup with the following step-by-step :
sudo apt-get -y update
sudo apt-get -y dist-upgrade
sudo apt-get -y install ca-certificates apt-transport-https software-properties-common
sudo apt-get -y install curl wget rsync
sudo apt-get -y install net-tools dnsutils
sudo apt-get -y install htop nano
sudo apt-get -y autoremove
sudo apt-get -y clean
timedatectl set-timezone Asia/Jakarta
sudo apt-get -y update
sudo apt-get -y install zfsutils-linux
sudo apt-get -y autoremove
sudo apt-get -y clean
sudo fdisk /dev/xvdb
sudo zpool create -O compression=lz4 -o ashift=12 data /dev/xvdb1
sudo zfs create -s -o volblocksize=64k -V <CHANGE_THIS_TO_ZFS_DISK_SIZE> data/elasticsearch
sudo mkfs -t xfs -f /dev/zvol/data/elasticsearch
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get -y update
sudo apt-get -y install elasticsearch
sudo apt-get -y autoremove
sudo apt-get -y clean
sudo systemctl stop elasticsearch
sudo systemctl disable elasticsearch
sudo nano /etc/fstab
sudo mount /dev/zvol/data/elasticsearch /var/lib/elasticsearch/
sudo mount -a
sudo lsblk
sudo mkdir -p /var/lib/elasticsearch/data
sudo mkdir -p /var/lib/elasticsearch/logs
sudo chown -R elasticsearch:elasticsearch /var/lib/elasticsearch/
sudo chmod -R g+rs /var/lib/elasticsearch/
sudo chmod -R o-rwx /var/lib/elasticsearch/
sudo rm -rf /var/log/elasticsearch
sudo ln -sf /var/lib/elasticsearch/logs /var/log/elasticsearch
sudo mv /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.orig~
sudo nano /etc/elasticsearch/elasticsearch.yml
sudo chmod 660 /etc/elasticsearch/elasticsearch.yml
sudo mkdir -p /etc/systemd/system/elasticsearch.service.d
sudo nano /etc/systemd/system/elasticsearch.service.d/override.conf
sudo systemctl daemon-reload
sudo nano /etc/default/elasticsearch
sudo systemctl restart elasticsearch
sudo systemctl enable elasticsearch
Nginx installation only required for Ingest Node only it's required as Basic Auth Authentication to replace X-Pack Security Basic Auth module
sudo add-apt-repository ppa:ondrej/nginx
sudo apt-get -y update
sudo apt-get -y install nginx apache2-utils
sudo apt-get -y autoremove
sudo apt-get -y clean
sudo systemctl stop nginx
sudo systemctl disable nginx
sudo unlink /etc/nginx/sites-enabled/default
sudo nano /etc/nginx/nginx.conf
sudo nano /etc/nginx/sites-available/elasticsearch.conf
sudo ln -sf /etc/nginx/sites-available/elasticsearch.conf /etc/nginx/sites-enabled/
sudo htpasswd -c /etc/nginx/elasticsearch.htpasswd admin
sudo nginx -t
sudo systemctl restart nginx
sudo systemctl enable nginx